Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Improper Input Validation Vulnerability (CVE-2020-7925)

Description

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

Remediation

References

Related Vulnerabilities

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)

Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33378)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43722)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5320)

Oracle Database Server CVE-2023-22052 Vulnerability (CVE-2023-22052)

Severity

High

Classification

CVE-2020-7925 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities